Close Menu
  • News
  • Home
  • In Profile
  • Finance
  • Legal
  • Technology
  • Events
  • Features
  • Wellbeing & Mental Health
  • Marketing
  • HR & Recruitment
  • About
  • Advertise
  • Events Calendar
  • Business Wall
  • Subscribe
  • Contact
  • 0843 289 4634
X (Twitter) LinkedIn YouTube
Trending
  • European Businesses Facing Increased Costs Due To Supply Chain Disruption
  • Dementia Advocate Shares Tips For Supporting People With Dementia When Flying
  • SME Today talks to Sa’ed Anabtawi, Product Director, WOLF
  • The Truth Behind ‘Sickies’
  • Five ways to monetise your business EV chargers
  • New book on conquering fear of public speaking
  • 1 in 3 employees anxious about lack of first aiders at work
  • What SMEs risk when their IT provider gets bought out
X (Twitter) LinkedIn YouTube
SME Today
  • About
  • Advertise
  • Events Calendar
  • Business Wall
  • Subscribe
  • Contact
  • 0843 289 4634
  • News
  • Home
  • In Profile
  • Finance
  • Legal
  • Technology
  • Events
  • Features
  • Wellbeing
  • Marketing
  • HR & Recruitment
SME Today
  • About
  • Advertise
  • Events Calendar
  • Business Wall
  • Subscribe
  • Contact
  • 0843 289 4634
  • Twitter
  • LinkedIn
  • YouTube
  • RSS
You are at:Home»Technology»Why email is at risk of becoming a security blindspot for IT leaders
Is Email still relevant

Why email is at risk of becoming a security blindspot for IT leaders

2
Posted By sme-admin on February 26, 2025 Technology

Rick Goud, Founder & CIO of Zivver shares why email is at risk of becoming a security blindspot for IT leaders

As AI takes centre stage in 2025, businesses and employees are flooded with innovative applications and productivity tools. Yet, despite this technological surge, email remains the backbone of workplace communication across industries—used for everything from casual exchanges to sharing sensitive documents. In fact, our research shows that more than 90% of employees still consider email ‘important’ or ‘very important’ to their daily work.

However, as our digital and cybersecurity landscape evolves, there is a risk that email – while still an essential channel – is being left behind. Our latest report points to an emerging gap between the perceived risk of using email and the reality “on the ground” for security and risk management teams. While IT leaders are understandably focused on inbound threats such as phishing attacks, which 47% rank as their top concern, two-thirds admit that outbound security breaches – often caused by innocent human mistakes – contribute more to incidents of data loss. With many businesses taking email for granted, there is now a very real risk that the channel is becoming a security blindspot. 

This poses problems not just in terms of the actual vulnerabilities, but also for compliance. From NIS2 and GDPR in the EU to CCPA in the US, as well as industry-specific regulations like HIPAA in healthcare and global standards such as ISO/IEC 27001, which require email security to be considered as part of a broader risk management strategy, organisations are facing an uphill battle if they don’t prioritise email security. Only 73% of employees are aware of their organisation’s email security policies, and just over half (52%) adhere to them day-to-day. This suggests two things: organisations need to get better at devising and communicating their email security policies, and employees need more support – in the form of new tools and technologies – to make those policies easier to follow. 

Why Email Should Be High on the Security Agenda

Email may seem like a familiar and safe channel, but while businesses continue to use email in the way they always have, the threat landscape has matured significantly. AI-driven attacks are making phishing and ransomware increasingly deceptive, with techniques like payloadless phishing allowing attackers to impersonate trusted contacts and manipulate recipients into revealing sensitive information – all without deploying traditional malware. While inbound attacks like this dominate headlines for their sinister and coordinated nature, a significant blind spot lies within organisations, where accidental missteps can be just as damaging as a deliberate attack. Outbound threats – such as emails sent to the wrong recipient, accidental sharing of sensitive data, or files attached without proper encryption – are equally, if not more, pervasive. This creates a dual threat, which combines both external threats and internal vulnerabilities, underlining the need for a more holistic and integrated approach to email security.

What makes outbound threats particularly challenging is their devolved nature and unexpected human behaviour. Even the most diligent employees can – and do – make honest mistakes, often under pressure or through simple oversight. More than half of employees admit to making email mistakes at least once every few months, with 30% saying they make errors on an almost weekly basis. The report delves deeper: sending the wrong email attachment is the most common email error (33%), followed by emailing the wrong person (32%), using CC or BCC incorrectly (20%), using personal email for work (19%), and, finally, clicking on illegitimate links or attachments (17%). 

Email deserves more attention because it is extremely vulnerable to outbound risks as well as being among the top vectors for inbound attacks. This is backed up by the UK’s Information Commissioner’s Officer (ICO) who revealed that, in 2024, data leaks caused by human error – such as misaddressed emails – posed the single greatest threat among all cybersecurity incidents. 

Training, Policy Enforcement, and Finding the Right Tools

The gap between perceived risk and reality faced by security teams is something that most IT leaders are now acutely aware of. Artificial intelligence is increasingly being used to detect anomalies, flag potential threats, and provide real-time alerts to prevent security breaches. However, the focus of many of these solutions is skewed toward inbound threats, and attackers themselves are also using the same technology to create more nuanced, targeted criminal campaigns. This has led many IT leaders to question the pace of innovation from traditional security vendors. Our report found that more than two-thirds (67%) of IT leaders believe vendors are not innovating fast enough to address emerging risks, including outbound vulnerabilities that can lead to data loss and exposure. A majority (67%) of those surveyed also agreed that “Outbound email security doesn’t get much attention beyond compliance, but it is the silent security killer. Sometimes we focus more on perceived risks rather than actual threat realities when it comes to email security.”

Compounding this is the rise of hybrid and remote working environments, which introduce new vulnerabilities as employees work across multiple devices and networks. This makes even the most diligently designed email security policies difficult to enforce, leaving employees shouldering the burden of responsibility when it comes to outbound email vulnerabilities. With email remaining central to communication, this highlights the urgent need for a balanced approach—one that combines technological innovation with ongoing education and awareness to tackle both technical and human vulnerabilities effectively.

An Approach to Email Security Fit for 2025

The path to robust email security lies in a multi-faceted approach that addresses both human and technical vulnerabilities. For organisations, this starts with fostering a culture of security awareness. Training programs must go beyond the basics, equipping employees with the skills to recognise not only phishing attempts but also the risks associated with outbound email errors. Clear communication of security policies is equally vital, ensuring that employees understand the “why” behind the rules and feel empowered to follow them. Less than three-quarters of employees are aware of their organisation’s email security policies, and adherence remains a challenge – highlighting a critical area for improvement.

Technology holds the key. Instead of focusing solely on inbound threats, organisations must invest in solutions geared toward outbound risks that integrate seamlessly with daily workflows, striking the right balance between usability and security. Integrated AI tools can offer real-time guidance to employees, alerting them to potential errors before they occur. Attachments can be flagged as sensitive, recipients can be automatically checked in real-time based on the content of the email, and emails can be recalled if they are still sent accidentally. This level of automation makes it easy for employees to avoid potentially costly mistakes, empowering them to use email safely while adhering to security policies and compliance obligations. 

By adopting technologies that proactively address human error, by supporting employees instead of penalising them, organisations can close the gap between perceived and actual risks, making email a secure and reliable communication channel fit for 2025 and beyond. 

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

SME Today talks to Sa’ed Anabtawi, Product Director, WOLF

What SMEs risk when their IT provider gets bought out

New Microlise Solution Unlocks Fleet Management Opportunities For SMEs

2 Comments

  1. Pingback: Why Email Security Still Matters in 2025 | Dealer Support

  2. Pingback: Why Email Security Still Matters in 2025 | Practice Business

Follow SME Today on Linkedin and share all the topics you find interesting

The Newsletter

Join our mailing list for the best SME stories, handpicked and delivered direct to your inbox every two weeks!

Sign Up
Personal Pension offer
Events Calendar
    • Marketing
    August 29, 2025

    OneMetric forms strategic partnership with RevOps expert to drive UK growth

    August 28, 2025

    The Seven Phases of Festive Shopping and How to Target within Each Effectively

    • Finance
    September 3, 2025

    Five ways to monetise your business EV chargers

    September 1, 2025

    Are you flying blind on your most important business decisions?

    • People
    August 14, 2025

    A Life Worth Saving – A Tribute to Dame Stephanie Shirley CH, 1933–2025

    August 12, 2025

    Finance Director Returns As Judge For National Business Awards

    • Health & Safety
    September 2, 2025

    1 in 3 employees anxious about lack of first aiders at work

    July 1, 2025

    Temperatures Soaring: Is Your Workplace Becoming Unsafe?

    • Events
    July 22, 2025

    South West Expo Delivers Outstanding Event at Swindon’s STEAM Museum

    July 4, 2025

    £20k grant for female-founded SME up for grabs

    • Community
    July 11, 2025

    Building community, one cause at a time

    June 23, 2025

    Celebrating One Year In Fairford Supporting The Community

    • Food & Drink
    August 22, 2025

    How to get stocked by major retailers as an SME

    July 18, 2025

    Warning to Small Businesses Over New Food Waste Regulations

    • Books
    September 3, 2025

    New book on conquering fear of public speaking

    August 7, 2025

    Learning to Leave a Legacy in Business

    About

    SME Today is published by the same team who deliver The Great British Expos’. We have been organising various corporate events for the last 10 years, with a strong track record of producing well managed and attended business events across the UK.

    Join Our Mailing List

    Receive the latest news and updates from SMEToday.
    Read our Latest Newsletter:


    Sign Up
    X (Twitter) YouTube LinkedIn
    Categories
    • Books
    • Community & Charity
    • Education and Training
    • Environment
    • Events
    • Features
    • Finance
    • Food and Drink
    • Health & Safety
    • HR & Recruitment
    • In Profile
    • Legal
    • Marketing
    • News
    • People
    • Property & Development
    • Sponsored Content
    • Technology
    • Transport & Tourism
    • Wellbeing & Mental Health
    • ABOUT SME TODAY: THE GO TO RESOURCE FOR UK BUSINESSES
    • Editorial Submission Guidelines
    • Privacy
    • Contact
    Copyright © 2025 SME Today.
    • ABOUT SME TODAY: THE GO TO RESOURCE FOR UK BUSINESSES
    • Editorial Submission Guidelines
    • Privacy
    • Contact

    Type above and press Enter to search. Press Esc to cancel.